storm/w3m
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security hole in multipart.cgi.in, w3mman2html.cgi.in

Browse Source 
From: Hironori Sakamoto <h-saka@lsi.nec.co.jp>
This commit is contained in:
Fumitoshi UKAI
2001-12-21 18:33:41 +00:00
parent 4678cc6395
commit 54702c4d83
4 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog
View File

@@ -1,3 +1,11 @@
2001-12-22 Hironori Sakamoto <h-saka@lsi.nec.co.jp>
* Security hole in multipart.cgi.in, w3mman2html.cgi.in
* scripts/w3mhelp.cgi.in: open(F, "< $var") instead of open(F, $var)
* scripts/w3mhelp.cgi.in: fix eval qq{require ...};
* scripts/multipart/multipart.cgi.in: ditto
* scripts/w3mman/w3mman2html.cgi.in: validate $keyword, $section, $man
2001-12-21 Fumitoshi UKAI <ukai@debian.or.jp> 2001-12-21 Fumitoshi UKAI <ukai@debian.or.jp>
* [w3m-dev-en 00656] * [w3m-dev-en 00656]
@@ -1369,4 +1377,4 @@
* release-0-2-1 * release-0-2-1
* import w3m-0.2.1 * import w3m-0.2.1
$Id: ChangeLog,v 1.152 2001/12/21 02:11:49 ukai Exp $ $Id: ChangeLog,v 1.153 2001/12/21 18:33:41 ukai Exp $

4
scripts/multipart/multipart.cgi.in
View File

@@ -25,7 +25,7 @@ if (defined($ENV{'QUERY_STRING'})) {
$CGI = "file:///\$LIB/multipart.cgi?file=" . &html_quote($file); $CGI = "file:///\$LIB/multipart.cgi?file=" . &html_quote($file);
} }
open(F, $file); open(F, "< $file");
$end = 0; $end = 0;
$mbody = ''; $mbody = '';
if (defined($boundary)) { if (defined($boundary)) {
@@ -258,7 +258,7 @@ sub load_mime_type {
local($file) = @_; local($file) = @_;
local(%m, $a, @b, $_); local(%m, $a, @b, $_);
open(M, $file) || return (); open(M, "< $file") || return ();
while(<M>) { while(<M>) {
/^#/ && next; /^#/ && next;
chop; chop;

6
scripts/w3mhelp.cgi.in
View File

@@ -1,5 +1,5 @@
#!@PERL@ #!@PERL@
# $Id: w3mhelp.cgi.in,v 1.3 2001/12/02 13:16:29 ukai Exp $ # $Id: w3mhelp.cgi.in,v 1.4 2001/12/21 18:33:41 ukai Exp $
$helpdir = "@HELP_DIR@"; $helpdir = "@HELP_DIR@";
unshift(@INC, $helpdir); unshift(@INC, $helpdir);
@@ -29,7 +29,7 @@ if (defined($ENV{'QUERY_STRING'})) {
$tlang =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge; $tlang =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge;
$tlang =~ tr/A-Z/a-z/; $tlang =~ tr/A-Z/a-z/;
print "tlang=$tlang\n"; print "tlang=$tlang\n";
eval qq{require "w3mhelp-funcdesc.$tlang.pl"}; eval {require "w3mhelp-funcdesc.$tlang.pl";};
if (defined(%funcdesc)) { if (defined(%funcdesc)) {
$lang = $tlang; $lang = $tlang;
} }
@@ -37,7 +37,7 @@ if (defined($ENV{'QUERY_STRING'})) {
} }
if (-f $keymap) { if (-f $keymap) {
open(KEYMAP, $keymap) || die "cannot open keymap: $keymap, $!"; open(KEYMAP, "< $keymap") || die "cannot open keymap: $keymap, $!";
&load_keymap(*KEYMAP, $func); &load_keymap(*KEYMAP, $func);
close(KEYMAP); close(KEYMAP);
} }

6
scripts/w3mman/w3mman2html.cgi.in
View File

@@ -31,7 +31,7 @@ Content-Type: text/html
<h2>man -k <b>$k</b></h2> <h2>man -k <b>$k</b></h2>
<ul> <ul>
EOF EOF
$keyword =~ s:([^\w./]):\\$1:g; $keyword =~ s:([^-\w\200-\377.,])::g;
open(F, "$MAN -k $keyword 2> /dev/null |"); open(F, "$MAN -k $keyword 2> /dev/null |");
@line = (); @line = ();
while(<F>) { while(<F>) {
@@ -82,8 +82,8 @@ if ($man =~ s/\((\w+)\)$//) {
$man_section = "$man"; $man_section = "$man";
} }
$section =~ s:([^\w./]):\\$1:g; $section =~ s:([^-\w\200-\377.,])::g;
$man =~ s:([^\w./]):\\$1:g; $man =~ s:([^-\w\200-\377.,])::g;
open(F, "$MAN $section $man 2> /dev/null |"); open(F, "$MAN $section $man 2> /dev/null |");
$ok = 0; $ok = 0;
undef $header; undef $header;